pks for openssh

Ben Lindstrom mouring at etoh.eviladmin.org
Fri Oct 11 05:45:19 EST 2002


It is a subsystem.  It is not modifying the OpenSSH code at all, and the
licensing in publickey-server.c is BSD two clause licence.  Which is what
we encourage.

However this bugs me:

RCSID("$OpenBSD: publickey-server.c,v 1.33 2002/06/30 00:00:00 markus Exp $");

This is not a valid RCSID for OpenBSD.  Which IMNSHO is very poor manors.
Leave the RCSID alone or remove them.  Don't randomly change them.

Looks like it based on sftp-server.c


<shrug> In general if I follow the code and RFC it is just a way of
managing 'authorized_keys'  It even is wrong since we no longer support
authorized_keys2.

I've never seen it submited to inclusion.  I'd  have to look closer at it
to make any good or bad comments.

- Ben

On Thu, 10 Oct 2002, Vincent Danen wrote:

> I was directed to the following site by one of our customers regarding
> a keyserver built into openssh.  There's a patch for 3.4p1 on their
> site, but the license isn't very clear, nor is it clear if they have
> approached the openssh team regarding the inclusion of this subsystem
> into openssh proper.
>
> I've been asked to patch Mandrake's openssh with this feature, but I'm
> hesitant until I know what others think and, primarily, whether or not
> they have even contacted people like Markus or Theo about this.  The
> RFC is written by them, and it looks like they sell some commercial
> software around this idea as well.
>
> Here is links to more info:
>
> http://www.vandyke.com/download/os/pks_ossh.html
> http://www.vandyke.com/technology/draft-ietf-secsh-publickey-
> subsystem.txt
>
> The idea of it sounds interesting, but I would really like to know if
> they have approached anyone regarding having it included in openssh
> proper.
>
> Thanks.
>
> --
> MandrakeSoft Security; http://www.mandrakesecure.net/
> "lynx - source http://linsec.ca/vdanen.asc | gpg --import"
> {FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
>




More information about the openssh-unix-dev mailing list